<?php
  /*
    srcstr
      index.php - main unit
      (c)2006-2012 Matthew Hipkin <http://www.matthewhipkin.co.uk>
  */
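  // Bootstrap: configuration first, then the database connection that every
  // query below depends on. require (not include) makes a missing or broken
  // bootstrap file fatal, so the request fails closed instead of carrying on
  // without configuration or a database link.
  require("config.inc.php");
  require("dbconnect.inc.php");
  // Client filter only: the User-Agent header is chosen by the sender, so this
  // keeps out browsers and crawlers but is not an access control. The
  // credential check that follows is the real gate.
  $userAgent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : "";
  if(strncmp($userAgent, "srcstr", 6) !== 0) die("Nope!");
  // Every response after this point is an XML document.
  header("Content-type: text/xml");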
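  // Authenticate the request. Every API method below runs only after this
  // check passes, so the query must never let request data act as SQL syntax.
  // Missing or non-string fields are treated as empty, which simply fails the
  // lookup.
  $username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : "";
  $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : "";
  // Both values are escaped before they are placed inside quoted SQL literals.
  // NOTE(review): mysql_real_escape_string() is only reliable when the
  // connection charset was set with mysql_set_charset(); confirm that
  // dbconnect.inc.php does so. The durable fix is prepared statements via
  // mysqli or PDO, since the mysql_* extension was removed in PHP 7.
  // NOTE(review): `passwd` holds an unsalted MD5 digest, which is unsuitable
  // for password storage. Moving to password_hash()/password_verify() needs a
  // schema and data migration, so it is flagged here rather than changed.
  $result = mysql_query(
    "SELECT `uid`, `realname`, `email`, `admin` FROM `users` WHERE `username`='".mysql_real_escape_string($username).
    "' AND `passwd`=MD5('".mysql_real_escape_string($password)."') AND `active`=1");
  // A failed query (false) is handled like a failed login, so no PHP warning
  // leaks into the XML response.
  if($result === false || mysql_num_rows($result) < 1) {
    $r = Array();
    $r['errorCode'] = "103";
    $r['errorText'] = "Invalid username/password";
    echo doSimpleXML("response",$r);
    die;
  }
  // Identity of the authenticated account; $user and $admin are read by the
  // method handlers further down.
  list($user,$name,$email,$admin) = mysql_fetch_array($result);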
  // "login" method: the credentials were already verified above, so confirm
  // success and report the account's admin flag back to the client.
  if($_POST['m'] == "login") {
    echo doSimpleXML("response", array(
      'login' => "OK",
      'admin' => (string)$admin,
    ));
    die;
  }
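  // "listProjects" method: return every project as an XML document.
  if($_POST['m'] == "listProjects") {
    $result = mysql_query("SELECT `pid`,`title`,`description`,`createdate` FROM `projects`");
    // Titles and descriptions are stored user input. Escape the XML
    // metacharacters so stored text cannot break the document or add markup
    // to it. '&' is listed first so the entities produced for '<' and '>' are
    // not escaped a second time. str_replace is byte-wise, so it is safe for
    // any stored character set.
    $xmlSearch = array('&', '<', '>');
    $xmlReplace = array('&amp;', '&lt;', '&gt;');
    $xml = "<?xml version=\"1.0\"?>\n";
    $xml .= "<projects>\n";
    // A failed query yields false; the loop is skipped and an empty list is
    // returned.
    while($result !== false && ($output = mysql_fetch_row($result))) {
      // Column order: 0 = pid, 1 = title, 2 = description, 3 = createdate.
      $output = str_replace($xmlSearch, $xmlReplace, $output);
      $xml .= "  <project>\n";
      $xml .= "    <id>$output[0]</id>\n";
      $xml .= "    <title>$output[1]</title>\n";
      $xml .= "    <createdate>$output[3]</createdate>\n";
      $xml .= "    <description>$output[2]</description>\n";
      $xml .= "  </project>\n";
    }
    $xml .= "</projects>\n";
    echo $xml;
    die;
  }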
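  // "listFiles" method: return the newest version of every file in a project.
  if($_POST['m'] == "listFiles") {
    if(!isset($_POST['proj'])) die(doSimpleXML("response",Array("errorCode" => "104", "errorText" => "No project specified")));
    // `pid` sits unquoted in the SQL text, so it is forced to an integer
    // before use; anything non-numeric becomes 0 and matches no project.
    $pid = is_scalar($_POST['proj']) ? intval($_POST['proj']) : 0;
    $res = mysql_query("SELECT `filename`,MAX(`version`) FROM `files` WHERE `pid`=".$pid." GROUP BY `filename` ORDER BY `filepath`,`filename`");
    // File names and paths come from uploads; escape XML metacharacters so
    // they cannot break or extend the document ('&' first to avoid escaping
    // the generated entities again).
    $xmlSearch = array('&', '<', '>');
    $xmlReplace = array('&amp;', '&lt;', '&gt;');
    $xml = "<?xml version=\"1.0\"?>\n";
    $xml .= "<files>\n";
    while($res !== false && ($latest = mysql_fetch_row($res))) {
      // Values read back from the database are still untrusted when they go
      // into a new statement: the file name was supplied by the uploader.
      $filename = mysql_real_escape_string($latest[0]);
      $version = intval($latest[1]);
      // The lookup is limited to the requested project so that a file with
      // the same name and version in another project cannot be returned.
      $result = mysql_query("SELECT `fid`,`filename`,`filesize`,`filepath`,`uploader`,`version`,`filedate` FROM `files` WHERE `filename`='$filename' AND `version`=$version AND `pid`=$pid");
      $output = ($result !== false) ? mysql_fetch_row($result) : false;
      // Skip rather than emit an empty <file> element if the row is missing.
      if(!$output) continue;
      // Column order: 0 = fid, 1 = filename, 2 = filesize, 3 = filepath,
      // 4 = uploader, 5 = version, 6 = filedate.
      $output = str_replace($xmlSearch, $xmlReplace, $output);
      $xml .= "<file>\n";
      $xml .= "  <id>$output[0]</id>\n";
      $xml .= "  <filename>$output[1]</filename>\n";
      $xml .= "  <filesize>$output[2]</filesize>\n";
      $xml .= "  <filedate>$output[6]</filedate>\n";
      $xml .= "  <filepath>$output[3]</filepath>\n";
      $xml .= "  <revision>$output[5]</revision>\n";
      $xml .= "</file>\n";
    }
    $xml .= "</files>\n";
    echo $xml;
    die;
  }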
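  // "createProject" method: create a project unless the title is already used.
  if($_POST['m'] == "createProject") {
    // Both text fields are escaped once and reused in every statement below.
    // Previously only the description was escaped, leaving the title free to
    // act as SQL syntax in the SELECT and the INSERT. Missing or non-string
    // fields are treated as empty.
    $title = mysql_real_escape_string((isset($_POST['title']) && is_string($_POST['title'])) ? $_POST['title'] : "");
    $description = mysql_real_escape_string((isset($_POST['description']) && is_string($_POST['description'])) ? $_POST['description'] : "");
    $result = mysql_query("SELECT * FROM `projects` WHERE `title`='".$title."'");
    if($result !== false && mysql_num_rows($result) > 0) {
      $r = Array();
      $r['errorCode'] = "105";
      $r['errorText'] = "Project title already exists";
      echo doSimpleXML("response",$r);
      die;
    }
    // $user is the uid of the authenticated account; it sits unquoted in the
    // statement, so it is forced to an integer.
    $result = mysql_query("INSERT INTO `projects` VALUES ('','".$title."','".$description."',".intval($user).",NOW())");
    $r = Array();
    // NOTE(review): status is reported as OK whether or not the INSERT
    // succeeded, and `mysqlerror` returns the raw database error text to the
    // client. Both are kept because the client may rely on them; consider
    // logging the error server-side and returning a generic error instead.
    $r['status'] = "OK";
    $r['pid'] = mysql_insert_id();
    $r['mysqlerror'] = mysql_error();
    echo doSimpleXML("response",$r);
    die;
  }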
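  // "addFile" method: store an uploaded file as version 1 of a new file in a
  // project.
  if($_POST['m'] == "addFile") {
    if(!isset($_POST['proj'])) die(doSimpleXML("response",Array("errorCode" => "104", "errorText" => "No project specified")));
    if(!isset($_FILES['upfile']) || !is_string($_FILES['upfile']['name']) || $_FILES['upfile']['name'] == "") die(doSimpleXML("response",Array("errorCode" => "106", "errorText" => "No file specified")));
    // Only read a file that PHP itself received over HTTP upload; a failed or
    // partial upload leaves nothing usable in tmp_name.
    if(!is_uploaded_file($_FILES['upfile']['tmp_name'])) die(doSimpleXML("response",Array("errorCode" => "106", "errorText" => "No file specified")));
    // Everything below is controlled by the client, including the file name in
    // $_FILES. Numeric values are forced to integers and text values are
    // escaped before they reach the SQL text.
    $pid = is_scalar($_POST['proj']) ? intval($_POST['proj']) : 0;
    $tmpName = $_FILES['upfile']['tmp_name'];
    $filename = mysql_real_escape_string($_FILES['upfile']['name']);
    $path = mysql_real_escape_string((isset($_POST['path']) && is_string($_POST['path'])) ? $_POST['path'] : "");
    // NOTE(review): the digest is stored as sent by the client and is not
    // compared with the uploaded bytes; md5_file($tmpName) would allow that.
    $md5 = mysql_real_escape_string((isset($_POST['md5']) && is_string($_POST['md5'])) ? $_POST['md5'] : "");
    $result = mysql_query("SELECT `fid`,`md5hash`,`uploader`,`version` FROM `files` WHERE `filename`='".$filename."' AND `pid`=".$pid);
    if($result !== false && mysql_num_rows($result) === 0) {
      // New file
      $fc = file_get_contents($tmpName);
      $result = mysql_query("INSERT INTO `files` VALUES ('',".$pid.",'".$filename."',NOW(),'".intval(filesize($tmpName))."','".$path."','".$md5."','".intval($user)."',1,'".mysql_real_escape_string($fc)."')");
      // NOTE(review): on failure the raw database error text is written into
      // the response. Kept because the client may rely on it; consider logging
      // it server-side instead.
      echo mysql_error();
    }
    // When the file already exists in the project nothing happens here: no new
    // version is stored and no response body is sent.
  }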
?>